MSM7xx Controllers Configuration Guide v6.4.0
Discovery authentication
Authentication can be enabled during the discovery process to allow a controller and AP to validate
each other prior to establishing a control channel. Authentication can be mutual, or can be
performed by either the controller or AP, depending on how you define the configuration.
• Shared secret/Confirm shared secret: Specify the shared secret that the controller will use
when authenticating an AP, or when responding to an authentication request from an AP. For
a control channel to be established, the secret you define here must match the one configured
for the AP under Controlled APs >> Provisioning > Discovery > Discovery authentication. The
shared secret must be between eight characters and twenty characters long.
• Authenticate APs before connecting: Enable this option to have the controller authenticate an
AP before establishing a control channel with it. If you do not enable this option, the AP may
still authenticate the controller depending on the settings you make under Controlled APs >>
Provisioning > Discovery > Discovery authentication.
Discovery considerations
If controlled APs are behind a firewall or NAT device, refer to the following sections.
Firewall
If the network path between an AP and a controller traverses a firewall, the following ports must
be opened for management and discovery to work:
| Ports are used by | Open these ports | Protocol |
|---|---|---|
| Discovery protocol the AP uses to find a controller. | Source and destination = 38212 (9544 hex) | UDP |
| Management tunnel that is established between an AP and a controller. | Destination = 1194 (4AA hex) | UDP |
| Software updates and certificate exchanges (for the management tunnel). | Source and destination = 1194 (4AA hex) | TCP |
| Client data tunnel. | Source and destination = 3001 (BB9 hex) | UDP |
| Location aware. This is only necessary if autonomous APs are using the access-controlled (public access) interface. | Source = 39064 (9898 hex); Destination = 1800 (708 hex), 1812 (714 hex), 1813 (715 hex), 30840 (7878 hex) | UDP |
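The port table above can be turned into narrowly scoped firewall rules instead of opening the ports for all hosts. The following is an added example, not part of the original guide: a shell function that prints (never applies) iptables rules limited to one AP subnet and one controller address. It assumes the AP initiates each flow, that replies return through connection tracking, and that the FORWARD chain's default policy is DROP; the addresses are constructed documentation values, and the optional `strict` argument also pins the source port where the table lists one.

```shell
#!/bin/sh
# Added example: prints (never applies) iptables FORWARD rules for the table above.
# Assumptions: the AP initiates each flow, replies return via connection
# tracking, and the FORWARD chain's default policy is DROP.

# protocol|source port ("-" = not listed)|destination port(s)|used by
PORT_TABLE='udp|38212|38212|discovery
udp|-|1194|management tunnel
tcp|1194|1194|software updates and certificate exchanges
udp|3001|3001|client data tunnel
udp|39064|1800,1812,1813,30840|location-aware, autonomous APs only'

# emit_rules AP_NET CONTROLLER_IP [strict]
# "strict" also pins the source port wherever the table lists one.
emit_rules() {
    ap_net=$1 ctrl_ip=$2 mode=${3:-}
    if [ -z "$ap_net" ] || [ -z "$ctrl_ip" ]; then
        echo "usage: emit_rules AP_NET CONTROLLER_IP [strict]" >&2
        return 2
    fi
    echo "iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    printf '%s\n' "$PORT_TABLE" | while IFS='|' read -r proto sport dports used_by; do
        rule="iptables -A FORWARD -s $ap_net -d $ctrl_ip -p $proto"
        if [ "$mode" = strict ] && [ "$sport" != "-" ]; then
            rule="$rule --sport $sport"
        fi
        case $dports in
            *,*) rule="$rule -m multiport --dports $dports" ;;  # several ports
            *)   rule="$rule --dport $dports" ;;
        esac
        echo "$rule -m comment --comment \"$used_by\" -j ACCEPT"
    done
}

# Constructed sample values (documentation address ranges).
emit_rules 192.0.2.0/24 198.51.100.10
```

Review the printed rules before loading them, and omit the location-aware row unless autonomous APs use the access-controlled interface.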
NAT
If the network path between an AP and a controller implements NAT (network address translation),
discovery will only work if NAT functions on outbound traffic sent from the AP to the controller. If
NAT operates in the other direction, discovery will fail.
Monitoring the discovery process
This Summary menu lists the number of controlled APs discovered by the controller. APs are grouped
according to their management state. For example: Synchronized, Detected, Configured, Pending.
An AP may be active in more than one state at the same time. For example, an AP may be both
Detected and Synchronized. Select the state name to display information about all APs in that state.